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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)S Responsive to communication(s) filed on 05 January 2007 . 
2a)D This action is FINAL. 2b)K This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^1 Claim(s) 1,2,5-12. 15-22.25 and 26 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) 13 Claim(s) 7, 2, 5-72, 15-22, 25 and 26 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)D accepted or b)Q objected to by the Examiner. 

Applicant may not request that any objection to the drawing'(s) be held in abeyance. See 37 CFR 1 .85(a). 

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
11 )D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) □ Information Disclosure Statement(s) (PTO/SB/08) 5) □ Notice of Informal Patent Application 

Paper No(s)/Mail Date . 6) □ Other: . 
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DETAILED ACTION 

Response to Arguments 

1 . In view of the Appeal Brief filed on 01/05/2007, PROSECUTION IS HEREBY 
REOPENED. A new ground of rejection is set forth below. 

To avoid abandonment of the application, appellant must exercise one of the following 
two options: 

(1) file a reply under 37 CFR 1.111 (if this Office action is non-final) or a reply under 37 
CFR 1.113 (if this Office action is final); or, 

(2) request reinstatement of the appeal. 

If reinstatement of the appeal is requested, such request must be accompanied by a 
supplemental appeal brief, but no new amendments, affidavits (37 CFR 1.130, 1.131 or 1.132) 
or other evidence are permitted. See 37 CFR 1.193(b)(2). 

2. In the appeal brief filed 01/05/2007, applicant argued that the art on record Hillhouse 
(US 6,052,468) fails to teach generating at least one indicator that identifies a user and is 
associated with and identifies at least one authentication mechanism that has been used to 
authenticate the user, ...wherein the at least one characteristic associated with the 
authentication mechanism includes a measure of strength of the authentication mechanism . 
Applicant's arguments have been fully considered and are persuasive. The rejections of claims 
1, 2, 5-12, 15-22 and 25-26 under 35 USC 102(e) as being anticipated by Hillhouse (US 
6,052,468) has been withdrawn. 

3. Claims 1, 2, 5-12, 15-22, 25 and 26 are pending. 
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Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

4. Claims 21, 22, 25 and 26 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. The term "configured to" in claims 21 does not necessarily 
incorporate the cited claim limitations into the resulting claim. Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 

i 

basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

6. Claims 1, 2, 5-12, 15-22, 25 and 26 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Wood et al. US 6,609,198 B1 (hereinafter Wood). 

7. As per claims 1 , 10, 11 and 20, Wood teaches a method for use in a computer capable, 
of supporting multiple authentication mechanisms, the method comprising: 

generating at least one indicator that identifies a user (i.e., session id, principal id, user 
id, etc..,), and is associated with and identifies at least one authentication mechanism that has 
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been used to authenticate the user (i.e., associated authentication scheme) [column 19, lines 1- 
11 and column 20, lines 1-17], and is associated and identifies at least one authentication 
mechanism that has been used to authenticate the user [column 19, lines 1-11 and column 20, 
lines 1-17], wherein generating the indicator further includes identifying within the indicator at 
least one characteristic associated with the authentication mechanism, wherein the at least one 
characteristic associated with the authentication mechanism includes a measure of strength of 
the authentication mechanism (i.e., trust level associated with various authentication methods 
and where higher trust level indicates a higher strength of authentication mechanism) [column 
20, lines 17-35]; and 

controlling the user's access to at least one resource based on the indicator [column 20, 
lines 17-35]. 

8. As per claims 21 and 26, Wood teaches an apparatus comprising: 

at least one authentication mechanism configured to generate at least one indicator that 
identifies a user (i.e., session id, principal id, user id, etc..,), and identifies the authentication 
mechanism that has been used to authenticate the user (i.e., associated authentication scheme) 
[column 19, lines 1-11 and column 20, lines 1-17], wherein the indicator further includes at least 
one identifying characteristic associated with the authentication mechanism [column 19, lines 1- 
1 1 and column 20, lines 1-17], wherein the at least one identifying characteristic associated with 
the authentication mechanism indicates a measure of strength of the authentication mechanism 
(i.e., trust level associated with various authentication methods and where higher trust level 
indicates a higher strength of authentication mechanism) [column 20, lines 17-35]; 
an access control list [column 12, lines 51-65 and 13, lines 1 1-25]; 
- at least one access control resource [column 12, lines 51-65 and 13, lines 11-25]; and 
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logic operatively configured to compare the indicator with the access control list and 
selectively control the user's access to the resource based on the indicator [column 12, lines 51- 
65, 13, lines 11-25 and column 20, lines 17-35]. 

9. As per claims 2, 12 and 22, Wood further teaches the system wherein, generating the 
indicator further includes receiving inputs, providing the inputs to the authentication mechanism, 
and causing the authentication mechanism to generate at least one security identifier (SID) that 
identifies the authentication mechanism [column 19, lines 1-11 and column 20, lines 1-17]. 

10. As per claims 5, 15 and 25, Wood further teaches the system, wherein the measure of 
strength of the authentication mechanism identifies a length of an encryption key employed by 
the authentication mechanism (i.e., see figure 4, session credentials, long, short 64bit etc.,). 

11. As per claims 6-9 and 16-19, Wood further teaches the system, wherein controlling 
access to the resource based on the indicator further includes comparing the indicator to at 
least one access control list having at least one access control entry therein [column 12, lines 
51-65, 13, lines 11-25 and column 20, lines 17-35]. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Beemnet W. Dada whose telephone number is (571) 272-3847. The 
examiner can normally be reached on Monday - Friday (9:00 am - 5:30 pm). 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private 
PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you 
would like assistance from a USPTO Customer Service Representative or access to the 
automated information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Beemnet W Dada 




April 29, 2007 /v/KiWlVU 



